Sign-up

ID

VAR-202207-0936


CVE

CVE-2022-33708


TITLE

Samsung Galaxy Store Input Validation Error Vulnerability (CNVD-2022-76491)

Trust: 0.6

sources: CNVD: CNVD-2022-76491

DESCRIPTION

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. Samsung Galaxy Store is an application store for Samsung (Samsung) mobile devices

Trust: 1.53

sources: NVD: CVE-2022-33708 // CNVD: CNVD-2022-76491 // VULMON: CVE-2022-33708

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-76491

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy storescope:ltversion:4.5.41.8

Trust: 1.6

sources: CNVD: CNVD-2022-76491 // NVD: CVE-2022-33708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33708
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-76491
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-991
value: HIGH

Trust: 0.6

VULMON: CVE-2022-33708
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-33708
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-76491
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-33708
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-76491 // VULMON: CVE-2022-33708 // CNNVD: CNNVD-202207-991 // NVD: CVE-2022-33708

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

sources: NVD: CVE-2022-33708

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-991

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-991

PATCH

title:Patch for Samsung Galaxy Store Input Validation Error Vulnerability (CNVD-2022-76491)url:https://www.cnvd.org.cn/patchInfo/show/356941

Trust: 0.6

title:Samsung Galaxy Store Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200393

Trust: 0.6

sources: CNVD: CNVD-2022-76491 // CNNVD: CNNVD-202207-991

EXTERNAL IDS

db:NVDid:CVE-2022-33708

Trust: 2.3

db:CNVDid:CNVD-2022-76491

Trust: 0.6

db:CNNVDid:CNNVD-202207-991

Trust: 0.6

db:VULMONid:CVE-2022-33708

Trust: 0.1

sources: CNVD: CNVD-2022-76491 // VULMON: CVE-2022-33708 // CNNVD: CNNVD-202207-991 // NVD: CVE-2022-33708

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=07

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33708

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-33708/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-76491 // VULMON: CVE-2022-33708 // CNNVD: CNNVD-202207-991 // NVD: CVE-2022-33708

SOURCES

db:CNVDid:CNVD-2022-76491
db:VULMONid:CVE-2022-33708
db:CNNVDid:CNNVD-202207-991
db:NVDid:CVE-2022-33708

LAST UPDATE DATE

2024-08-14T14:10:42.220000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-76491date:2022-11-11T00:00:00
db:VULMONid:CVE-2022-33708date:2022-07-16T00:00:00
db:CNNVDid:CNNVD-202207-991date:2022-07-18T00:00:00
db:NVDid:CVE-2022-33708date:2022-07-16T02:51:24.543

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-76491date:2022-10-17T00:00:00
db:VULMONid:CVE-2022-33708date:2022-07-12T00:00:00
db:CNNVDid:CNNVD-202207-991date:2022-07-12T00:00:00
db:NVDid:CVE-2022-33708date:2022-07-12T14:15:18.303